Security expert Charlie Miller has exploited and demonstrated an NFC attack on Android and Nokia devices at the 2012 Black Hat security conference. Weeks ago I read that Miller, who has become well known for his hacking ability when it comes to Apple products, was planning on demonstrating a vulnerability with NFC technology. He showed how NFC tags can be used to trick people into visiting malicious site without them even knowing. A hacker could carry out an attack like this just by replacing an NFC tag that is meant for say a companies website, and putting an NFC tag that will guide the person to another website.
Miller said in the Nokia N9, which is a Mee-Go powered headset, the NFC vulnerability is when NFC is enabled on the device, it will, by default, accept any NFC request without user permission. Miller was able to exploit this and establish a bluetooth connection even if bluetooth was not turned on, and essentially a hacker can use this to make phone calls, send text messages and even download data.
Miller showed how once directed to a malicious website, he could download and install a virus to attack a security hole in the Android browser to read cookies and view the webpages visited by the user. Miller says that is can ultimately give a hacker complete control over a victims headset. Though this vulnerability has been closed off in Android 4.0 but can affect users running Android 2.3 Gingerbread which is over 60% of users. Also Miller acknowledged this can only be exploited if an attacker was able to get within a few centimeters of affected devices.
Mark Cathey's Tech Site 